GHSA-g7xr-v82w-qggq

Опубликовано: 13 июн. 2022

Источник: github

Github: Прошло ревью

CVSS3: 9.8

Описание

Code Injection in SEOmatic

In the SEOmatic plugin up to 3.4.11 for Craft CMS 3, it is possible for unauthenticated attackers to perform a Server-Side Template Injection, allowing for remote code execution.

Ссылки

https://nvd.nist.gov/vuln/detail/CVE-2021-41749
https://github.com/nystudio107/craft-seomatic/commit/3fee7d50147cdf3f999cfc1e04cbc3fb3d9f2f7d
https://github.com/nystudio107/craft-seomatic/blob/develop/CHANGELOG.md

Пакеты

Наименование

nystudio107/craft-seomatic

composer

Затронутые версииВерсия исправления

< 3.4.11

3.4.11

EPSS

Процентиль: 99%

0.85815

Высокий

9.8 Critical

CVSS3

CVE ID

CVE-2021-41749

Дефекты

CWE-94

Связанные уязвимости

CVE-2021-41749

CVSS3: 9.8

nvd

больше 3 лет назад

In the SEOmatic plugin up to 3.4.11 for Craft CMS 3, it is possible for unauthenticated attackers to perform a Server-Side Template Injection, allowing for remote code execution.

EPSS

Процентиль: 99%

0.85815

Высокий

9.8 Critical

CVSS3

CVE ID

CVE-2021-41749

Дефекты

CWE-94